With Thanksgiving done, Christmas just around the corner, and the New Year approaching fast, if you’ve not yet embraced the holiday spirit, now is the time. However, in today’s world it is an unfortunate fact that those pesky Scrooges will try to take advantage of holiday goodwill to further their cybercrime schemes.



For example, a huge threat over the holidays is e-cards. They can be used to infect your computer with a virus or malware such as a key logger, or can be a vehicle used for phishing or to directly steal your money, as in this example. Typically you will (or should!) have your fraud-detection radar on high alert for email with links or attachments that you do not expect, but over the holidays an unexpected e-card is not usually treated with suspicion. Unfortunately, it should be. Microsoft provides some tips on what to look for when determining if an e-card is legitimate, including making sure that it is addressed to you by name, hovering over links to make sure that they are legitimate, and that the card is from a reputable e-card provider that you recognize.

For your own small business holiday greetings, think twice before deciding to use e-cards. Yes they are more convenient and less costly than mailed paper cards, and they are an environmentally sound choice too. But, do you really want your recipients to have to make a security judgment before accepting your offer of holiday thanks and cheer? If you truly want to go the e-greeting route, consider sending a plain text email—no links, no attachments, not even an embedded picture. It is safe, secure, and even provides an opportunity for personalization.



Gift cards (or emailed gift codes) may seem like the answer for last-minute holiday gifting. Shipping isn’t required, they can be sent via a simple email, or you can make a single stop at a gift card kiosk to find a gift card for every interest and personality on your list.

However, while your intentions may be good, these cards can cause headaches for the recipients, thanks to those ever-present Scrooges. This post outlines multiple ways thieves can steal the value from the gift cards you purchase, leaving your recipient with a useless piece of plastic. For example, thieves scan gift card magnetic strips in stores, and then use software to automatically check online until they see that the card has been legitimately activated, then they immediately use the information they stole to take the entire balance. In another scam, thieves replace the activation labels on the back of cards, then they get the money you load onto the card, and the card you have in hand is worthless. While these scams don’t compromise your personal information, they do cost you money, can end up making you look bad in the gift recipients’ eyes, and cause considerable discomfort and inconvenience to your gift recipients.

Fraudulent gift codes in emails can be more nefarious. In this recent example, a fake email from AT & T purports to be giving a free Starbucks Gift Card as a customer appreciation gift. Instead, the link in the email leads to a site that will install malware on your computer. With scams like this going around, it is not unreasonable for your gift recipients to question any email you send that includes a gift code. Even if all is good, why send a gift that elicits suspicion instead of joy as an initial reaction?



USB storage drives, in all their incarnations, are very popular this year. They come in cute designs such as puppies and super heroes, are combined with other useful devices such as pens, or can be custom branded with your company name and logo to provide brand awareness all year long. And after all, who doesn’t need a quick place to store files on the go?

Unfortunately, portable USB storage devices can be used to infect, take over, and steal information from any computer or network to which they are attached. This post outlines what happens when “BadUSB” devices turn other devices “evil.” For example, an infected USB drive can emulate a keyboard and issue commands to the computer such as instructions to install malware, it can spoof a network card and change the computer’s DNS setting to redirect traffic, or can cause a virus to install that infects the operating system prior to boot.

Unfortunately, other than not plugging a suspicious USB device into your computer in the first place, there is little you can do to prevent a “BadUSB” device from affecting you—because current Malware scanners cannot access the firmware running on USB devices. So, extra caution is necessary whenever using a USB storage device.

Thieves have been known to leave them lying around in parking lots and in stairways, hoping to snag an unsuspecting victim looking to snoop, or even altruistically seeking to find its rightful owner. Thieves have also been known to drop a holiday basket of “gift” USB drives in offices so that all employees take one and infect their devices. These drives may even be printed with a familiar vendor’s name, to make you feel more comfortable about accepting and using them.

So, be sure to let your team know that using holiday USB drives may put their personal devices at risk, and also be sure to let them know that plugging any unapproved device into a work computer is unsafe and not permitted. And, if you were thinking of portable USB storage drives as your holiday gifts to customers this year, think again– and choose a gift your customers can use without a second thought.



Checkout McAfee’s The 12 Scams of the Holidays post and infographic for more scams to look out for this year. Not only will it help you protect yourself, it will help you make gift selections that will be a cause for celebration and not for concern.

While paper cards, baskets of edible goodies, or a surprise holiday phone call may seem soooo 20th century, they are still safe choices that can be enjoyed and appreciated by your customers, colleagues, and vendors without security concerns and second-guessing. So, consider ditching the digital and making it an old fashioned holiday this year.

See weekly Small Business Tips like this one by subscribing to our blog.

Lisa Hephner

Lisa Hephner

My name is Lisa, and I’m the Vice President of Knowledge, responsible for the management of corporate, product, competitor, marketplace, legal, and regulatory knowledge, and creation and dissemination of knowledge tools using these assets to PaySimple prospects, customers, employees, and partners.

More Posts - Website - Google Plus